Docker build


Building a container image uses the services keyword

Use docker:dind for a containerized Docker daemon

The GitLab runner must be configured to run privileged containers

job_name:
  image: docker:latest            # Docker CLI in the job container (added so the script can run)
  services:
    - name: docker:dind           # the containerized daemon; this is what needs a privileged runner
  variables:
    DOCKER_HOST: tcp://docker:2375  # reach the dind service over TCP (added; matches the TLS-off setting below)
    DOCKER_TLS_CERTDIR: ""          # disables TLS to the daemon, so the job talks to it in plaintext
  script:
    - docker build .

Hands-On

See the chapter Jobs and stages


Security implications

Privileged containers run with the host's devices and capabilities, which enables breakouts to the runner host

Mitigate using gVisor, Kata Containers or Sysbox

Alternatives to Docker-in-Docker

Rootless and/or daemonless builds using…

Question of security vs. usability
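A daemonless alternative to the docker:dind job above, as an added example that is not part of the original slides: a GitLab CI job that builds the same image with kaniko, which needs neither a docker:dind service nor a privileged runner. The kaniko image tag, the job and stage names, and the push to the GitLab container registry are assumptions; the CI_* variables are GitLab's predefined ones.

```yaml
# Added example (not from the slides): daemonless build with kaniko.
# No docker:dind service, no privileged runner and no DOCKER_TLS_CERTDIR="" are
# needed, because kaniko executes the Dockerfile in user space without a daemon.
build-kaniko:
  stage: build                                  # assumed stage name
  image:
    name: gcr.io/kaniko-project/executor:debug  # assumed tag; pin a digest in real use
    entrypoint: [""]                            # the debug image has a shell, so script lines can run
  script:
    # Registry credentials for the push, taken from GitLab's predefined CI variables.
    - mkdir -p /kaniko/.docker
    - >-
      printf '{"auths":{"%s":{"auth":"%s"}}}'
      "${CI_REGISTRY}"
      "$(printf '%s:%s' "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')"
      > /kaniko/.docker/config.json
    # Build from the repository checkout and push the result. Nothing here needs
    # CAP_SYS_ADMIN or a Docker socket, so the job runs on an unprivileged runner.
    - >-
      /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      --destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
```

With this job the runner's config.toml no longer needs privileged mode for image builds, which removes the host-breakout exposure the slides describe. The trade-off on the usability side: kaniko runs the Dockerfile's RUN steps inside the job container with the job's own permissions, so a Dockerfile from an untrusted branch still deserves the same review as any other code the runner executes.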